Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

PGP 10 WDE for Mac OS X

Posted on May 12, 2010

Posted: May 12th, 2010

On the average a premium Macbook costs you about 3 grand; at least mine did.

Losing your Macbook nowadays means a lot more than just losing 3 grand. It means calling a lot of people to cancel credit cards and bank accounts, online accounts like eBay, PayPal and Facebook and hoping that any movies or pictures you had saved on your Macbook aren’t viewed and posted online. All in all this loss could amount to thousands of your dollars and hundreds of your hours. This insult to injury can all be avoided by securing your Macbook before you get a chance to lose it; be it purposeful theft or plain forgetfulness.

Losing your encrypted Macbook means just losing 3 grand.

Visually you can plainly see the two examples above differ drastically; why not choose the less chaotic one? Making the smart choice now means not worrying about it when it happens – because it will happen – to you.

WDE

The smart choice is using PGP Whole Disk Encryption for Mac OS X (Snow Leopard). If you don’t already know PGP means Pretty Good Privacy and since the early 90’s PGP has evolved with the times to ensure it’s users keep their information private with the best quality of encryption and at the same time the most transparent functionality. This means you can use your Macbook without having to change your normal habits.

PGP Whole Disk Encryption (WDE) is really the number one solution to ensure your entire hard disk is encrypted and only accessible by you. Anyone else that tries to read the data gets nowhere as all they see is gobbledygook no matter how they try and look at it (for example taking out the hard disk and placing into another system). Also this means that they can’t modify the data without you knowing. All they can really do is erase the disk to be able to use the Macbook without your data. This further ensures your sensitive data is well protected. You can buy a new Mac, reload your backups and go on with your life.

The computer lifecycle is a lengthy one and PGP WDE offers you the user to be able to decrypt their hard disk at will (taking around the same time it took to encrypt it) so that you can upgrade you operating system; diagnose your hard disk; or replace the hard disk with a larger one. Once you’ve completed their upgrade you can re-encrypt the hard disk again either using the same passphrase or a new one.

Encrypting and decrypting a PGP WDE hard disk varies based on processor and hard disk however a good proven metric used is 80 GB (regardless if it is full or empty) takes about 3 hours to encrypt (this is only done initially); larger hard disks will take longer however it isn’t necessary a linear metric. For example a 500GB external firewire 800 disk took only 11 hours.

Remember secure passphrases are no longer about mind-bending complexity as once thought. It is more about length so make your passphrases unique and long for example: “Mary Had a Little Lamb Whose Fleece was White as Snow” would certainly suffice and keep attacks at bay for thousands of years. Also a passphrase that is easy for you to memorize without writing down adds an extra layer of security.

Once your hard disk is encrypted you won’t notice it running and that’s the point! When you are bothered with constant messages and popups you tend to tune them out and usually disable them thus taking a hit on security. In a transparent system such as PGP Whole Disk Encryption you aren’t bothered with a tirade of annoyances.

To set up basic PGP WDE requires only for you to create a passphrase for the account you want to assign it to. Once it is complete when you restart your system you are prompted with a PGP branded login called PGP BootGuard.

Once you’ve entered the passphrase you are presented with your normal login you originally configured for your Mac. Apart from the background encryption process it couldn’t get any simpler.

Boot Camp

There are all types of Mac users out there. Some will never see a Windows world or need to. Others will have to use Windows for work or usage of special applications that haven’t been written for OS X. Those that don’t opt for using virtualization with products such as VMWare, Parallels and VirtualBox will then be using Apple Boot Camp. This means that the Mac’s hard disk is partitioned to where Snow Leopard is loaded in one partition and Windows is loaded on another partition. You then has a choice which partition (hence operating system) you want to load at any given time.

It doesn’t make sense to just encrypt one partition and leave the other one unencrypted so PGP WDE requires in a Boot Camp environment that the entire disk (which contains both partitions) be encrypted offering ultimate security for both Mac and Windows. When booting into Mac or Windows with WDE enabled you’ll get a specialized login called PGP BootGuard. Entering your established and unique passphrase will decrypt the disk while you use it; transparently. Once you power off your system it remains in it’s encrypted state until you login again.

The point your system would be most vulnerable would be when it is unencrypted so if you leave your Macbook laying around make sure you lock the screen either manually or by setting a screensaver that requires your login credentials to gain access to your desktop. In encryption security you are the weakest link; whether are you are home or work always lock your computer while you are away so it becomes muscle memory and you won’t have anything to worry about. This is one habit that is good for you.

Time Machine

Keeping timely backups of your system with Apple’s Time Machine is a given for data recovery when you accidentally delete something or your primary hard disk crashes and becomes unusable. Naturally you’d want your “security bubble” to not only encompass your Macbook but also when someone breaks into your home steals your external backup firewire disk. You’d want to make sure you at least had the same protection and with PGP WDE you can follow up with the same protection your Macbook offers. The same goes for additional USB keys and anything your are burning on optical media such as CD-ROMs and DVD-ROMs. In some cases you’d want to use PGP Virtual Disk or PGP Zip depending on the portability you are looking for. In either case you want to make sure your data is safe and secure at all times.

One caveat of an encrypted hard disk is that if something goes wrong with the disk and it becomes unbootable you can say goodbye to your data that hasn’t been backed up on an external disk. Best to always back your data up a few times especially if it contains monetary value to you.

Support

There are two important factors when thinking of buying a product. The product itself and the support the product has. Without a solid support system a product is what you get at face value and just that. In the case of PGP WDE / Desktop Professional there is a rich user support forum and knowledge base and it’s Bronze support where you have access to PGP Support Engineers and the PGP Support portal. It’s PGP Perpetual Licensing entitles you to use the software indefinitely plus receive all upgrades and updates during the support period; which is renewable.

Most users won’t come across issues where escalation is required however it is offered and made available “just in case” you are one of the lucky ones.

GUI

Last but not least is the well fitting Graphic User Interface that PGP WDE offers to the Mac side of the house.

A lot of times the graphics suffer on products with a lot of technical offerings but not this one. From the optional little lock on the menu bar that gives you access to the PGP Desktop application and WDE feature to the contextual services the GUI is very sensible, uniform and intuitive to what Mac users are accustomed to. Once you’ve played with the application a few times it makes a lot more sense.
Thoughts and conclusion

Oftentimes when I am speaking to folks about disk encryption they immediately inquire as to why would anyone want to encrypt their disks as if someone that does has something to hide. The plain truth is that this is the digital age where it isn’t about hiding anything more so than protecting your personal assets or the personal assets of others (such as in a corporate environment where someone’s Macbook may contain millions of social security numbers or credit card data). With constant reminders in the news about crimes committed with identity theft and data loss it is really amazing that everyone isn’t using Whole Disk Encryption. Again it isn’t about if you’ll lose your data; it’s about when and how to best handle it. You’ll always get a good night’s rest knowing your data is strongly encrypted.

Now that my Macbook is secured against data loss; I’m really looking forward to a mobile version for my iPhone. 😉

Rating

5/5 – [comparison] At the time of this writing there is no other comparable product to compare PGP WDE for Mac OS X (Snow Leopard) against.

5/5 – [ease of use] After registering, downloading and installing the product you are a few clicks away from being fully encrypted. The decryption process is just as easy.